The Cybersecurity and Infrastructure Security Agency (CISA) is urging critical infrastructure operators to implement cybersecurity practices following a series of attacks on water and wastewater systems.
"Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm," the organization stated in a release.
The warning comes two days after Arkansas City, KS reported a cybersecurity breach that forced the system to switch to manual operations.
In a release from the Kansas Rural Water Association, Arkansas City Manager Randy Frazer declined to answer questions about whether the Federal Bureau of Investigation (FBI) and CISA were involved in the response to the attack, but said cybersecurity experts and government authorities are working to resolve the situation.
"[The water supply] remains completely safe and there has been no disruption to service. Out of caution the water treatment facility has switched to manual operations while the situation is being resolved," Frazer said in the release.
More and more public water systems are incorporating technology into their systems. Nowadays, SCADA (supervisory control and data acquisition) systems are essential for efficient operations in most water systems across the country. That computer technology in itself can make systems susceptible to cyberthreats. As more infrastructure becomes capable of communication, control, and data acquisition, cybersecurity must become of utmost importance.
The Environmental Protection Agency (with assistance from the United States Department of Homeland Security) is in charge of detection research and response among public water systems. According to the EPA, under a cyber attack, "water system operators can lose their ability to track the true status of the water system. Thus, water system managers need to improve their ability to know:
- when their treatment systems, pumps, valves, tanks, etc. are being compromised.
- how to quickly stop an attack,
- how to recover so that safe and full service can be returned to the community."
Because cyber threats are unfortunately becoming more common, municipalities and other governing entities need to be proactive to protect against breaches, hacks, and ransoms.
READ MORE: "Combatting Cyber Threats Against Critical Infrastructure: Essential Tips and Resources"
SitePro partners with public water systems of all sizes to help them securely manage their critical water infrastructure. Our award-winning software has been recognized by various government entities such as the Department of Defense, Homeland Security, Army, Navy, and Air Force for its impact on national security.
Our subscription-based software ensures your network configurations and firewalls are always up-to-date with the latest technology and upgrades. Real-time data collection and analysis allows your operators to be alerted to any unusual changes to your operations, and our real-time remote control ability allows them to react promptly.
Users can easily be added and removed to your SitePro platform, so only authorized operators have access to your critical infrastructure. Our customer success team also ensures your water operators are properly trained in using the software, so you can monitor and control your water and wastewater operations with confidence.
To learn more about our technology and how to leverage it to protect your water and wastewater systems, give us a call at 806-687-5326.
Reserve your best time to talk.